Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

Audit - CPA > Audit - Internal control > Flashcards

Audit - Internal control Flashcards

1
Q

How can you define Internal control ?

A

The process designed⇒ implemented ⇒ maintained by management to provide
reasonable assurance about the reliability of financial reporting, effectiveness of operations and compliance with laws and regulations

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

What is the objectives of Internal control ?

A

1- Reliability of financial reporting
2- Compliance with laws and regulations
3- Effectiveness and efficiency of operations

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Steps of the auditor’s work on Internal control ?

A

1- Documenting / evaluating : collect data ( Narratives, flowcharts, questionnaires)
2- Testing of controls : performed to verify Design and implementation
3- Report internal control weaknesses to management
4 - Decide the extent of Substantive testing

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

What are the drawbacks of each type of documenting data over internal control ?

A

Narratives : might be insufficient in complex processes such as sales
Flowcharts : helps spot missing controls but an amendment may require drawing the whole chart
Questionnaire : easy to overstate the level of certain controls, questions should be well tailored to avoid misunderstanding risks

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

What are the components of the internal control

A 
1- Control activities
2- Risk assessment
3- information system and communication
4- Monitoring
5 - Control environment
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

1 - Control activities refers to …… used to … Internal control in order to

A

Control activities refers to policies and standards used to implement Internal control in order to mitigate risks

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

2 - Risk assessment : auditor should …

A

1- understand the process of the company
2- identify and asses ROMM in financial reporting
3- and then evaluate whether there is a deficiency in the risk assessment process of the internal auditor

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

3 - Information system and communication

auditor should understand how …

A
  • Transactions are recorded, corrected and transferred to GL and reported in FS
  • How the client communicates, financial reporting matters
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

4 - Monitoring

verify is there an effective …

A
  • an effective internal control
  • should be reviewed over time on an ongoing basis or in a separate periods
  • report deficiencies to appropriate leadership
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

5 - Control environment refers to the … and … of the organization and actions

A

The tone and attitude, it includes actions of TCWG : ( PHRASED)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

If internal control is poor and a company’s accounting practices are sloppy, which risk is higher?

A

Control risk increases with poor internal controls and sloppy accounting practices.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

If internal control is poor, what is the effect on the audit?

A

Auditor will need to perform more testing and dig deeper into accounts in order to arrive at an opinion regarding the financial statements.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

What does internal control provide reasonable assurance for?

A

Internal control provides reasonable assurance that:

  • Material misstatements will be prevented
  • Reliability/integrity of financial statements will be preserved
  • Assets are protected against misuse
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

What is required in an examination of internal control under Sarbanes-Oxley?

A

CEO/CFO must disclose internal control deficiencies.
Management must provide assessment of internal control.
Management must certify financial statements.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

What is the relationship between internal control and substantive testing?

A

Inverse Relationship

Stronger Internal Controls = Less Testing Needed
Weaker Internal Controls = More Testing Needed

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

What are the three objectives of internal control?

A

The objectives of internal control are:

Reliability of financial reporting
Operational efficiency/effectiveness
Compliance with laws and regulations

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

What is the purpose for a Control Environment assessment?

A

A Control Environment assessment sets tone for the entire company.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

What are the components of the Control Environment?

A

The components of Control Environment are:

Integrity/Ethics of Management
Competence of Management
Organizational Structure
Human Resource Policies
Assignment of Authority/Responsibility
Management's Style (riskier with a dominant/aggressive individual)
Board/Audit Committee involvement
19
Q

What does an auditor’s assessment of Detection Risk determine?

A

Detection Risk determines nature, timing, and extent of audit procedures.

20
Q

What determines the acceptable level of Detection Risk?

A

Risk of material misstatement determines acceptable level of Detection Risk.

21
Q

What situations or circumstances could increase the risk of material misstatement?

A 
Rapid growth in the company
Major changes to Operations
Personnel
IT Systems
Products
Corporate organization 
Foreign operations
22
Q

What happens when Control Risk is assessed to be at the maximum level?

A

No Internal Control testing is performed.

All audit procedures are increased in intensity to compensate for increased risk.

23
Q

What happens when Control Risk is below the maximum level?

A

Auditor tests Internal Controls.

Auditor evaluates Control Risk based on tests.

Auditor adjusts substantive tests accordingly.

Weaker Internal Control - More substantive tests

Stronger Internal Control - Less substantive tests

24
Q

Describe some common examples of Control Activities.

A

Control Activities include:

Performance Reviews
Information Processing
Physical Controls
Segregation of Duties

25
Q

What should an auditor understand with respect to Information and Communication on an audit?

A

An auditor should understand client’s:

  • Major Transaction classes
  • Transaction initiation
  • Support records/ documents
  • Transaction processing
  • FS internal reporting process
  • FS External reporting process
26
Q

How must an auditor document understanding of Internal Control?

A

Through Written documentation such as : Memos, Flowcharts and questionnaire

27
Q

What questions should be asked to determine the risk of material misstatement?

A

Were all transaction recorded ?
Were they timely ?
Were they measured appropriately ?
Were they recorded in correct period ?
Were they presented and disclosed properly ?
Did management communicate their responsibilities ?

28
Q

What is the purpose of internal control testing and what procedures does the auditor perform to test internal controls?

A

Auditor needs reasonable assurance that controls are functioning as designed and effective :
Internal control should be strong like IRON so that nothing gets past them:
I : Inquiry : Interview company personnel
R: Reperformance: Can it be replicated
Observation: Watch control be applied
Inspection : Dig into the details/documents

If results are as expected, Substantive procedures do not need to be adjusted

29
Q

When can controls tested by an auditor in a prior year be used in the current year’s audit assessment?

A

assuming they are r-tested every third year

30
Q

What happens if Internal Controls are deficient?

A
  • Control risk increases
  • Scope of Sub Procedure increases
  • Detection risk decreases
  • Material weakness
31
Q

What is a Material Weakness?

A

Reasonable possibility exists that a material misstatements in FS would not be found, and has more than a remote chance of occurrence

32
Q

What does Tracing test?

A

Tracing tests Completeness, it starts with the source document and traces forward to the journal entry

33
Q

What does Vouching test?

A

Vouching tests existence , it starts with journal entry and searches for a voucher or source document to support the entry

34
Q

What activities represent Segregation of Duties?

A

Non-Compatible duties performed by separate individuals such as :
Authorization of assets - Disbursement vs Recording of assets vs Custody of assets:
- If supporting audit evidence doesn’t exist, use Observation and Inquiry
- Accounting should be segregated from production

35
Q

With respect to signing checks, how are duties segregated?

A

Employees who prepare vouchers/ invoices should not also have the authority to sign checks
- Remember this as an underlying theme with Segregation of duties
The authority to make a payment should not also lie in the hands of those creating invoices/vouchers why ? People commit fraud by setting up fake companies and basically paying themselves

36
Q

With respect to custody of assets, how should duties be segregated?

A
  • Employees who have custody of assets should not also record those assets
  • Someone in charge of petty cash should not also control the petty cash records
  • Treasury Department (Custodians) should NOT record keeping duties. They control assets and should not be able to adjust any recording of those assets
37
Q

What are the limitations on Control Activities?

A

Controls can’t stop collusion or bad judgment

  • Management can override controls
  • Cos vs Benefit relationship of Internal Control
38
Q

What is required if a Material Weakness is identified?

A

A written report to management is required:

  • Report declaring that no material weaknesses were found is allowed
  • Previous weaknesses reported that still exist should be reported again
  • Shoudl be reported no later than 60 days after audit report release date
  • If one or more material weakness is uncorrected at year-end , an Adverse Opinion on Internal control must be given
39
Q

What is the effect of a Significant Deficiency? What is it?

A

A Significant deficiency adversely affects a company’s ability to report in the FS according to GAAP
- A significant deficiency is more than a remote likelihood of material misstatements by more than an inconsequential amount

40
Q

What must occur if a Significant Deficiency is identified?

A
  • If a significant deficiency is identified, a Written report to management is required
  • Report declaring that no significant deficiencies exist is not allowed
  • Previous deficiencies reported that still exist should be reported again
  • Should be reported no later than 60 days after the audit report release date>
41
Q

What is a Control Deficiency?

A

A control is not operating as intended

42
Q

What must an auditor ask if using the work of third parties?

A

ARE THEY COMPETENT ? Are they objective ?

43
Q

What must an auditor understand with respect to internal auditors?

A
  • The role of internal auditors within the organization because their work affects the audit plan
  • Responsability for judgements about materiality ir apropriatness of entries or estimates cannot be shared with third parties like Internal auditors
  • I.A should be asked to do some of the legwork like preparing schedule or running reprots
  • They should not be asked to make any judgements or decisons

Audit - CPA (3 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2024 Bold Learning Solutions. Terms and Conditions